Sophos has unveiled an updated edition of its next-generation firewall that blocks lateral movement across networks and comes with a free cloud-based management portal.
Due to enter general availability on Friday and available in trial form today, version 17.5 of Sophos XG Firewall draws on the U.K.-based vendor’s Synchronized Security technology and Intercept X endpoint security system to prevent devices in a compromised “red state” from communicating with other devices.
“If an endpoint gets infected, gets attacked, that information gets shared almost immediately with the firewall, and the firewall then propagates that information to the other endpoints,” says Dan Cole, senior director of product management in Sophos’s Network Security Group. “Effectively, you disallow communication between that endpoint and other endpoints within that same broadcast domain.” That allows channel pros and corporate IT professionals to spend less time and money on breach resolution, Cole continues.
A new IPSec VPN client in the 17.5 release also prevents remote users of red-state devices from connecting to the network, provided those devices are running Intercept X.
All those capabilities build upon earlier firewall-endpoint integrations powered by Synchronized Security. In 2016, for example, XG Firewall gained the ability to prevent compromised devices from sending outbound traffic to the internet. A further upgrade rolled out last year enabled XG devices to block previously unidentified and potentially dangerous applications, based on real-time input from Intercept X.
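The behaviour described above (endpoint health shared with the gateway, red-state hosts cut off from peers in their broadcast domain, from the internet, and from the VPN) can be modelled as a small policy engine. The following is an added example written for this page, not Sophos code and not the XG Firewall's actual API: the health states, endpoint names, IP addresses and method names are constructed for illustration. It also encodes the caveat the article attaches to the VPN check: a device without the endpoint agent reports no health, so there is nothing for the gateway to act on.

```python
"""Toy model of health-state-aware segmentation (constructed example)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Health(Enum):
    GREEN = "green"
    YELLOW = "yellow"
    RED = "red"


@dataclass
class Endpoint:
    name: str
    ip: str
    broadcast_domain: str            # constructed: the VLAN/subnet the host sits in
    agent: bool                      # True if the endpoint security agent is installed
    health: Optional[Health] = None  # None when no agent is present to report state


@dataclass
class Verdict:
    allow: bool
    reason: str


class HealthAwarePolicy:
    """Gateway-side policy point that consumes endpoint health and gates traffic."""

    def __init__(self) -> None:
        self.inventory: Dict[str, Endpoint] = {}

    def register(self, ep: Endpoint) -> None:
        self.inventory[ep.ip] = ep

    def report_health(self, ip: str, health: Health) -> List[str]:
        """Agent heartbeat: record the new state. When the host turns red, return
        the names of agent-bearing peers in the same broadcast domain that the
        gateway should notify so they refuse traffic from it."""
        ep = self.inventory[ip]
        if not ep.agent:
            raise ValueError(f"{ep.name} has no agent and cannot report health")
        ep.health = health
        if health is not Health.RED:
            return []
        return sorted(p.name for p in self.inventory.values()
                      if p.agent and p.ip != ip
                      and p.broadcast_domain == ep.broadcast_domain)

    def _is_red(self, ip: str) -> bool:
        ep = self.inventory.get(ip)
        return ep is not None and ep.health is Health.RED

    def decide_lan_flow(self, src_ip: str, dst_ip: str) -> Verdict:
        """Intra-LAN flow: refuse if either side is in red state."""
        for label, ip in (("source", src_ip), ("destination", dst_ip)):
            if self._is_red(ip):
                return Verdict(False, f"{label} {ip} is in red state; intra-LAN traffic refused")
        return Verdict(True, "no red-state endpoint involved")

    def decide_internet_egress(self, src_ip: str) -> Verdict:
        """Outbound-to-internet flow: hold traffic from a red-state host."""
        if self._is_red(src_ip):
            return Verdict(False, f"{src_ip} is in red state; outbound traffic held")
        return Verdict(True, "egress permitted")

    def decide_vpn_connect(self, remote: Endpoint) -> Verdict:
        """Remote-access check. Without an agent there is no health to evaluate,
        so the check cannot fire: this is the coverage gap a defender must track."""
        if not remote.agent:
            return Verdict(True, "no agent present: health unknown, check cannot fire")
        if remote.health is Health.RED:
            return Verdict(False, f"{remote.name} is in red state; VPN connection refused")
        return Verdict(True, "agent reports healthy")


def build_sample_network() -> HealthAwarePolicy:
    """Constructed inventory: two managed workstations and an unmanaged printer
    share one broadcast domain; a managed server sits in another."""
    policy = HealthAwarePolicy()
    for ep in (Endpoint("ws1", "10.0.1.10", "lan-a", True, Health.GREEN),
               Endpoint("ws2", "10.0.1.11", "lan-a", True, Health.GREEN),
               Endpoint("printer", "10.0.1.50", "lan-a", False),
               Endpoint("srv1", "10.0.2.5", "lan-b", True, Health.GREEN)):
        policy.register(ep)
    return policy


if __name__ == "__main__":
    policy = build_sample_network()
    print("notify:", policy.report_health("10.0.1.10", Health.RED))
    print(policy.decide_lan_flow("10.0.1.10", "10.0.1.11"))
    print(policy.decide_lan_flow("10.0.1.50", "10.0.1.11"))
    print(policy.decide_internet_egress("10.0.1.10"))
    print(policy.decide_vpn_connect(Endpoint("byod", "198.51.100.8", "remote", False)))
```

Two design points carry over to a real deployment: isolation is keyed on the health signal, not on observed traffic, so the unmanaged printer is never cut off on its own account and only loses reachability to the red host; and the VPN decision shows why agent coverage is the control's precondition, since an unmanaged device simply presents no state to refuse.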
When officially shipped at the end of the week, XG Firewall’s version 17.5 update will be available as a free download to all current users with an active maintenance contract.
The new system arrives as targeted attacks are becoming more and more popular among hackers who have relied chiefly on “spray and pray” phishing campaigns in recent years, according to the SophosLabs research unit’s recently published 2019 threat report. Though such mass attacks remain widespread, that study says, cyber-criminals are increasingly searching out vulnerabilities in a specific victim’s perimeter, using those to invade one endpoint, and then exploiting that beachhead as a launching point for further attacks across the network.
“Once you get on the LAN, the network is fairly open, with the firewalls usually at the gateway,” Cole observes. The latest edition of XG Firewall seeks to close that gap by stopping breaches at their point of entry. “Patient zero stays patient zero,” Cole says. “There’s no patient one, two, three, and four.”
The free cloud-based administration portal for XG Firewall, named Central Management 1.0, is designed to be an affordable, lightweight alternative to more powerful Sophos tools aimed at larger businesses. “It gives you free manageability of all your XGs, so if you’re a partner or reseller you can keep costs down,” Cole says. The new system is scheduled to enter beta testing on December 8th.
Other upgrades in XG Firewall 17.5 include significantly more granular filtering capabilities in the product’s built-in intrusion prevention system (IPS). “We’ve almost tripled the number of categories you can invoke on an IPS policy,” says Cole. As a result, he continues, technicians can now write filters for particular versions of the Apache web server if they wish rather than just for web servers in general.
With an eye on the needs of customers in the education vertical, meanwhile, Sophos has supplemented XG Firewall’s existing support for Windows, Mac, and mobile clients with protection for Chromebooks, which are popular among K-12 users especially. Among other things, the new functionality allows administrators to create user or group policies that prevent students from viewing offensive content on the Google search engine or YouTube.
In conjunction with the 17.5 launch, Sophos has also enhanced several products regularly used in tandem with XG Firewall. The vendor’s cloud-based Sandstorm sandbox offering, for example, now uses the same neural network-based deep learning capabilities added to Intercept X in January to provide more complete and effective protection against suspicious files.
The newest generation of wireless access points in the Sophos APX line, furthermore, now automatically lock out compromised endpoints running Intercept X. “They will prevent those particular Wi-Fi clients from connecting to the AP if they’re in the red state,” Cole explains. The same functionality applies to mobile devices on iOS or Android, he notes.
Sophos is currently in the midst of rolling out a new crop of APX devices with a more powerful chipset and support for the 802.11ac Wave 2 wireless standard. The company added endpoint detection and response capabilities to Intercept X last month as well, and introduced a version of that solution for servers in July.